Manages elasticsearch container using the latest official image inside this repository. Manages the kibana container using the latest official image inside this repository. Updated README.
Docker ELK stack
Run the ELK (Elasticsearch, Logstash, Kibana) stack with Docker and Docker-compose.
It lets you quickly test your Logstash filters and check how the data can be processed in Kibana.
Based on the official images:
HOW TO
Setup
- Install Docker.
- Install Docker-compose.
- Clone this repository.
SELinux
On distributions that have SELinux enabled out of the box, you will need to either re-context the files or set SELinux to Permissive mode for fig-elk to start properly. Re-contexting is the narrower change, since Permissive mode stops SELinux enforcement for the whole host. For example, on Red Hat and CentOS the following applies the proper context:
.-root@centos ~
`-$ chcon -R system_u:object_r:admin_home_t:s0 fig-elk/
Usage
Start the stack and inject logs
First, you can edit the Logstash configuration in logstash-conf/logstash.conf, for example to add the filters you want to test.
Then, start the ELK stack using docker-compose:
$ docker-compose up
You can also choose to run it in background (detached mode):
$ docker-compose up -d
Now that the stack is running, you'll want to inject logs into it. The shipped Logstash configuration allows you to send content via TCP:
$ nc localhost 5000 < /path/to/logfile.log
Playing with the stack
The stack exposes 4 ports on your localhost:
- 5000: Logstash TCP input.
- 9200: Elasticsearch HTTP (with Marvel plugin accessible via http://localhost:9200/_plugin/marvel)
- 5601: Kibana 4 web interface, access it via http://localhost:5601
Boot2docker
If you're using boot2docker, you must access it via the boot2docker IP address:
- http://boot2docker-ip-address:9200/_plugin/marvel to access the Marvel plugin.
- http://boot2docker-ip-address:5601 to use Kibana 4.